董事会责任内部控制与风险管理

BoardresponsibilityforinternalcontrolandriskmanagementbyKiattisakJelatianranatChairman,TheInstituteofInternalAuditorsofThailandDirector,PricewaterhouseCoopers1pwc2ndAsianRoundtableonCorporateGovernanceResponsibilityVSAccountability•ResponsibilityWhat,andWhowilldo?•AccountabilityHow,andForwhom?……….BothneedindependenceandobjectivityKiattisakJelatianranatpwc231May20002ndAsianRoundtableonCorporateGovernanceBalancedScorecardinCorporateGovernancepwc•Financial&non-financialinformation.•EquitableTreatmentofstakeholders.•CombinationofLaggingandLeadingInformation.•Alignmentofshort-termobjectivesKiattisakJelatianranat331May20002ndAsianRoundtableonCorporateGovernanceBalancedResponsibility……legal&moralpwc•Createstrategicvision•SelectCEO&Seniormanagement•Establishstrategic,accountableinformation•Independent,objectiveandcompetentoversightofday-to-dayoperationsBoard“core”responsibilities……….KiattisakJelatianranat431May20002ndAsianRoundtableonCorporateGovernanceBoardEffectivenesspwc•Corporategovernanceframework•Riskmanagementsystem•Internalcontrolsystem•AuditingxBoardinitiative&Ownershipof:xSelectionofCEO&seniormanagementxOversightofCEO&seniormanagementtoestablish•Accountingsystem•MIS•Complianceprogram•OperatingsystemsKiattisakJelatianranat531May20002ndAsianRoundtableonCorporateGovernanceWhycorporategovernancematters?pwc•Effectivegovernance,and•PropercommunicationwithyourstakeholdersSustainableGrowthPleasantWorkingEnvironmentSpiritKiattisakJelatianranat631May20002ndAsianRoundtableonCorporateGovernance来自………..pwc•RiskAssessment-Identify-Measure-Prioritize•RiskManagement-Assessadequacyofexistingcontrols-Developacontrolimprovementplan-Createacontinuousprogramforobjectives,riskandcontrolassessmentKiattisakJelatianranat831May20002ndAsianRoundtableonCorporateGovernanceRiskManagementActionOptionspwcKiattisakJelatianranat931May20002ndAsianRoundtableonCorporateGovernanceOptionsFixControlsRe-EngineerProcessTrainingsTransferRisk(Insurance)OutsourcetheFunctionDonothing-BetWell-controlledOrganizationspwcKeyattributesofawell-controlledorganizationinclude:#1.LeadershipofBoard#2.Translationofstrategicvisiontoday-to-daymanagement#3.Communicationofobjectives&valuestoalllevels#4.Individualaccountability#5.Riskmanagementsystem#6.Humanresourcesreinforcement#7.Independent,objectiveandcompetentoversightKiattisakJelatianranat1031May20002ndAsianRoundtableonCorporateGovernanceRisk&Control:Thetwinsystemspwc•Definestrategicrisk•Articulateriskphilosophy•Definevaluesandbehavioralexpectations•Assessrisk•Managerisk•Assessexistingcontrols•Selectcontrolmodel•Continuouscommunication•ContinuousprogramforORC•Developacontrolimprovementplan…Operationsaredynamicandevolving...AlignmentControlRiskObjectiveKiattisakJelatianranat1131May20002ndAsianRoundtableonCorporateGovernanceComplexityofValuechain……..pwc•Aboardmusthavethecapabilitytorespondtoandmanagechanges.•“RiskManagement”and“BusinessControl”arethefirstthingforanyboardconsideration.KiattisakJelatianranat1231May20002ndAsianRoundtableonCorporateGovernanceInternalControlLearnedinRealWorldpwc•Focuson“SoftControl”inassessingallofCOSO’s“FiveComponents”and“ThreeObjectives”.•SoftControlsaresubjectiveinnature,thusself-assessmentiscrucialforsuccess.•Implementationasanintegralculturalchange.•InternalControltrainingisa“must”.•Tailorpracticestoanorganizationtoassurethesurpassingexpectedbenefitsfromtheimplementation.KiattisakJelatianranat1331May20002ndAsianRoundtableonCorporateGovernanceCOSO’sInternalControlDefinitionpwcisaprocess,effectedbyanentity’speople(boardofdirectors,management,andotherpersonnel),designedtoprovidereasonableassuranceregardingtheachievementofobjectivesinthefollowingcategories:•Effectivenessandefficiencyofoperations•Reliabilityoffinancialreporting•CompliancewithapplicablelawsandregulationsKiattisakJelatianranat1431May20002ndAsianRoundtableonCorporateGovernanceControlRealitypwc•Focusonpeopleandprocess,notmerelypolicymanualsandforms•Requiredynamicandinteractiveevaluationtechniques.•VerifyingcompliancewithpoliciesandproceduresisnotsufficientKiattisakJelatianranat1531May20002ndAsianRoundtableonCorporateGovernanceFiveComponentsofCOSO’sControlFrameworkpwcKiattisakJelatianranat•ControlEnvironment:TheFoundationonwhicheverythingrests.•RiskAssessment:Awareofanddealwiththerisksitfaces.•ControlActivities:Actionsidentifiedbymanagementasnecessarytoaddressriskstoachievementofobjectives.•Information&Communication:Peopletocaptureandexchangetheinformationneededtoconduct,manageandcontroloperations.•Monitoring:Reactdynamically,changingasconditionwarrant.1631May20002ndAsianRoundtableonCorporateGovernanceFromBackroomToBoardRoompwcKiattisakJelatianranatOrganizationsinthe21stCenturymustmoveinternalcontrolissuesfromtheir“Backroom”(OperatingLevel)to“Boa